Table of contents

1. Security Roles
   1. Properties
   2. controller above methods
   3. controller body
   4. views/gsp
   5. Check user security roles

---

Security Roles

Properties

 application.groovy=[pattern: '/adminDashboard/**', access: ['ROLE_ADMIN']]    

controller above methods

@Secured(['ROLE_USER', 'ROLE_ADMIN'])     

@Secured("hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")     

@Secured("(hasRole('ROLE_ORDER_SHOW') or hasRole('ROLE_RESULT_SHOW') ) and hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")     

@Secured("hasAnyRole('ROLE_ORDER_SHOW', 'ROLE_RESULT_SHOW') and hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")    

    @Secured(value = ['permitAll'], httpMethod = 'POST')    

    @Secured(value = ['IS_AUTHENTICATED_ANONYMOUSLY'], httpMethod = 'POST')    

controller body

SpringSecurityUtils.ifAllGranted('ROLE_ADMIN')

SpringSecurityUtils.ifNotGranted()

SpringSecurityUtils.ifAnyGranted()     

views/gsp

<sec:ifLoggedIn>
    <sec:ifNotLoggedIn>     

Check user security roles

def user = springSecurityService?.authentication?.details

//Check security context     
def authentication = SecurityContextHolder.getContext().getAuthentication()

//Checking variables in security notation in controller     
@Secured(closure = {
    def status = ctx.templateService.getTemplate(request.getParameter('id')).status.name()
    (hasRole("ROLE_ADMIN_TP") && status != 'UNPUBLISH' || 'DRAFT')
})